Author: Alan J. Flavell Date: To: Exim users list Subject: Re: [Exim] "Mailbox bounce arrival rate exceeds system limit" from
yahoo
On Tue, 3 Jun 2003, Rossz Vamos-Wentworth wrote:
> [ Converted text/html to text/plain ]
(I don't see the point of sending HTML to a plaintext mailing list...)
[quoting me without attribution:]
> > Today's standoff situation, as it happens, was a sender presenting
> > some implausible-looking envelope sender address at yahoo.co.kr which,
> ><div> ^^^^^ huh? I didn't say that.
> Sounds to me like the sender is trying something funny.
But the situation I was describing exists anyway, and seems to call
for some kind of solution. As I said:
| This pattern isn't specific to yahoo.co.kr, it's just an example for
| the purpose of discussion. > Perhaps a spammer
> trying to keep you from checking up on him in real time?
I don't follow your logic. How would a spammer go about convincing
yahoo.co.kr that our specific IP address has triggered the "Mailbox
bounce arrival rate exceeds system limit" situation at their servers?
I can only see how they'd do it indirectly: by offering us sufficient
numbers of counterfeited sender addresses in the same domain,
provoking us into trying callouts against them all. So it looks as if
the logical cure would be for us to adopt some kind of rate-limiting
on our own callouts. I was hoping someone might have devised a way of
achieving something like that.
> I've bounced a large
> number of supposedly yahoo mail that was actually from an open relay in Korea.
> What does the ip address really point to?
In this particular case, the IP address pointed to a bona fide MTA
which had evidently accepted the mail in question, and was trying to
forward it to us, due to the recipient's .forward file there. But as
I say, I'm still interested in an approach to the general problem
which I described. This was only meant as one illustrative example.
> > <div>
> > <div>